aws-sdk-workmail 1.50.0 → 1.52.0

data/lib/aws-sdk-workmail/client.rb

@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:workmail)
@@ -79,8 +79,9 @@ module Aws::WorkMail
     add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
+    add_plugin(Aws::WorkMail::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -297,6 +298,19 @@ module Aws::WorkMail
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -310,6 +324,9 @@ module Aws::WorkMail
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::WorkMail::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::WorkMail::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -421,6 +438,43 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
+    # Assumes an impersonation role for the given WorkMail organization.
+    # This method returns an authentication token you can use to make
+    # impersonated calls.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization under which the impersonation role will be
+    #   assumed.
+    #
+    # @option params [required, String] :impersonation_role_id
+    #   The impersonation role ID to assume.
+    #
+    # @return [Types::AssumeImpersonationRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssumeImpersonationRoleResponse#token #token} => String
+    #   * {Types::AssumeImpersonationRoleResponse#expires_in #expires_in} => Integer
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.assume_impersonation_role({
+    #     organization_id: "OrganizationId", # required
+    #     impersonation_role_id: "ImpersonationRoleId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.token #=> String
+    #   resp.expires_in #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/AssumeImpersonationRole AWS API Documentation
+    #
+    # @overload assume_impersonation_role(params = {})
+    # @param [Hash] params ({})
+    def assume_impersonation_role(params = {}, options = {})
+      req = build_request(:assume_impersonation_role, params)
+      req.send_request(options)
+    end
+
     # Cancels a mailbox export job.
     #
     # <note markdown="1"> If the mailbox export job is near completion, it might not be possible
@@ -459,7 +513,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Adds an alias to the set of a given member (user or group) of Amazon
+    # Adds an alias to the set of a given member (user or group) of
     # WorkMail.
     #
     # @option params [required, String] :organization_id
@@ -501,8 +555,8 @@ module Aws::WorkMail
     #   not need to pass this option.**
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the
-    #   `AvailabilityConfiguration` will be created.
+    #   The WorkMail organization for which the `AvailabilityConfiguration`
+    #   will be created.
     #
     # @option params [required, String] :domain_name
     #   The domain to which the provider applies.
@@ -544,7 +598,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Creates a group that can be used in Amazon WorkMail by calling the
+    # Creates a group that can be used in WorkMail by calling the
     # RegisterToWorkMail operation.
     #
     # @option params [required, String] :organization_id
@@ -577,11 +631,77 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Creates a new mobile device access rule for the specified Amazon
-    # WorkMail organization.
+    # Creates an impersonation role for the given WorkMail organization.
+    #
+    # *Idempotency* ensures that an API request completes no more than one
+    # time. With an idempotent request, if the original request completes
+    # successfully, any subsequent retries also complete successfully
+    # without performing any further actions.
+    #
+    # @option params [String] :client_token
+    #   The idempotency token for the client request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization under which the rule will be created.
+    #   The WorkMail organization to create the new impersonation role within.
+    #
+    # @option params [required, String] :name
+    #   The name of the new impersonation role.
+    #
+    # @option params [required, String] :type
+    #   The impersonation role's type. The available impersonation role types
+    #   are `READ_ONLY` or `FULL_ACCESS`.
+    #
+    # @option params [String] :description
+    #   The description of the new impersonation role.
+    #
+    # @option params [required, Array<Types::ImpersonationRule>] :rules
+    #   The list of rules for the impersonation role.
+    #
+    # @return [Types::CreateImpersonationRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateImpersonationRoleResponse#impersonation_role_id #impersonation_role_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_impersonation_role({
+    #     client_token: "IdempotencyClientToken",
+    #     organization_id: "OrganizationId", # required
+    #     name: "ImpersonationRoleName", # required
+    #     type: "FULL_ACCESS", # required, accepts FULL_ACCESS, READ_ONLY
+    #     description: "ImpersonationRoleDescription",
+    #     rules: [ # required
+    #       {
+    #         impersonation_rule_id: "ImpersonationRuleId", # required
+    #         name: "ImpersonationRuleName",
+    #         description: "ImpersonationRuleDescription",
+    #         effect: "ALLOW", # required, accepts ALLOW, DENY
+    #         target_users: ["EntityIdentifier"],
+    #         not_target_users: ["EntityIdentifier"],
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.impersonation_role_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/CreateImpersonationRole AWS API Documentation
+    #
+    # @overload create_impersonation_role(params = {})
+    # @param [Hash] params ({})
+    def create_impersonation_role(params = {}, options = {})
+      req = build_request(:create_impersonation_role, params)
+      req.send_request(options)
+    end
+
+    # Creates a new mobile device access rule for the specified WorkMail
+    # organization.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization under which the rule will be created.
     #
     # @option params [String] :client_token
     #   The idempotency token for the client request.
@@ -662,26 +782,25 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Creates a new Amazon WorkMail organization. Optionally, you can choose
-    # to associate an existing AWS Directory Service directory with your
+    # Creates a new WorkMail organization. Optionally, you can choose to
+    # associate an existing AWS Directory Service directory with your
     # organization. If an AWS Directory Service directory ID is specified,
     # the organization alias must match the directory alias. If you choose
     # not to associate an existing directory with your organization, then we
-    # create a new Amazon WorkMail directory for you. For more information,
-    # see [Adding an organization][1] in the *Amazon WorkMail Administrator
-    # Guide*.
+    # create a new WorkMail directory for you. For more information, see
+    # [Adding an organization][1] in the *WorkMail Administrator Guide*.
     #
     # You can associate multiple email domains with an organization, then
-    # set your default email domain from the Amazon WorkMail console. You
-    # can also associate a domain that is managed in an Amazon Route 53
-    # public hosted zone. For more information, see [Adding a domain][2] and
-    # [Choosing the default domain][3] in the *Amazon WorkMail Administrator
+    # choose your default email domain from the WorkMail console. You can
+    # also associate a domain that is managed in an Amazon Route 53 public
+    # hosted zone. For more information, see [Adding a domain][2] and
+    # [Choosing the default domain][3] in the *WorkMail Administrator
     # Guide*.
     #
-    # Optionally, you can use a customer managed master key from AWS Key
-    # Management Service (AWS KMS) to encrypt email for your organization.
-    # If you don't associate an AWS KMS key, Amazon WorkMail creates a
-    # default AWS managed master key for you.
+    # Optionally, you can use a customer managed key from AWS Key Management
+    # Service (AWS KMS) to encrypt email for your organization. If you
+    # don't associate an AWS KMS key, WorkMail creates a default, AWS
+    # managed key for you.
     #
     #
     #
@@ -705,13 +824,12 @@ module Aws::WorkMail
     #   The email domains to associate with the organization.
     #
     # @option params [String] :kms_key_arn
-    #   The Amazon Resource Name (ARN) of a customer managed master key from
-    #   AWS KMS.
+    #   The Amazon Resource Name (ARN) of a customer managed key from AWS KMS.
     #
     # @option params [Boolean] :enable_interoperability
-    #   When `true`, allows organization interoperability between Amazon
-    #   WorkMail and Microsoft Exchange. Can only be set to `true` if an AD
-    #   Connector directory ID is included in the request.
+    #   When `true`, allows organization interoperability between WorkMail and
+    #   Microsoft Exchange. If `true`, you must include a AD Connector
+    #   directory ID in the request.
     #
     # @return [Types::CreateOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -746,7 +864,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Creates a new Amazon WorkMail resource.
+    # Creates a new WorkMail resource.
     #
     # @option params [required, String] :organization_id
     #   The identifier associated with the organization for which the resource
@@ -784,7 +902,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Creates a user who can be used in Amazon WorkMail by calling the
+    # Creates a user who can be used in WorkMail by calling the
     # RegisterToWorkMail operation.
     #
     # @option params [required, String] :organization_id
@@ -897,8 +1015,8 @@ module Aws::WorkMail
     # organization and domain.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the
-    #   `AvailabilityConfiguration` will be deleted.
+    #   The WorkMail organization for which the `AvailabilityConfiguration`
+    #   will be deleted.
     #
     # @option params [required, String] :domain_name
     #   The domain for which the `AvailabilityConfiguration` will be deleted.
@@ -945,7 +1063,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Deletes a group from Amazon WorkMail.
+    # Deletes a group from WorkMail.
     #
     # @option params [required, String] :organization_id
     #   The organization that contains the group.
@@ -971,6 +1089,32 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
+    # Deletes an impersonation role for the given WorkMail organization.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization from which to delete the impersonation role.
+    #
+    # @option params [required, String] :impersonation_role_id
+    #   The ID of the impersonation role to delete.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_impersonation_role({
+    #     organization_id: "OrganizationId", # required
+    #     impersonation_role_id: "ImpersonationRoleId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/DeleteImpersonationRole AWS API Documentation
+    #
+    # @overload delete_impersonation_role(params = {})
+    # @param [Hash] params ({})
+    def delete_impersonation_role(params = {}, options = {})
+      req = build_request(:delete_impersonation_role, params)
+      req.send_request(options)
+    end
+
     # Deletes permissions granted to a member (user or group).
     #
     # @option params [required, String] :organization_id
@@ -1013,7 +1157,7 @@ module Aws::WorkMail
     #  </note>
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the access override will be
+    #   The WorkMail organization for which the access override will be
     #   deleted.
     #
     # @option params [required, String] :user_id
@@ -1050,7 +1194,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Deletes a mobile device access rule for the specified Amazon WorkMail
+    # Deletes a mobile device access rule for the specified WorkMail
     # organization.
     #
     # <note markdown="1"> Deleting already deleted and non-existing rules does not produce an
@@ -1060,7 +1204,7 @@ module Aws::WorkMail
     #  </note>
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization under which the rule will be deleted.
+    #   The WorkMail organization under which the rule will be deleted.
     #
     # @option params [required, String] :mobile_device_access_rule_id
     #   The identifier of the rule to be deleted.
@@ -1083,11 +1227,10 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Deletes an Amazon WorkMail organization and all underlying AWS
-    # resources managed by Amazon WorkMail as part of the organization. You
-    # can choose whether to delete the associated directory. For more
-    # information, see [Removing an organization][1] in the *Amazon WorkMail
-    # Administrator Guide*.
+    # Deletes an WorkMail organization and all underlying AWS resources
+    # managed by WorkMail as part of the organization. You can choose
+    # whether to delete the associated directory. For more information, see
+    # [Removing an organization][1] in the *WorkMail Administrator Guide*.
     #
     #
     #
@@ -1187,8 +1330,8 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Deletes a user from Amazon WorkMail and all subsequent systems. Before
-    # you can delete a user, the user state must be `DISABLED`. Use the
+    # Deletes a user from WorkMail and all subsequent systems. Before you
+    # can delete a user, the user state must be `DISABLED`. Use the
     # DescribeUser action to confirm the user state.
     #
     # Deleting a user is permanent and cannot be undone. WorkMail archives
@@ -1218,14 +1361,14 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Mark a user, group, or resource as no longer used in Amazon WorkMail.
-    # This action disassociates the mailbox and schedules it for clean-up.
+    # Mark a user, group, or resource as no longer used in WorkMail. This
+    # action disassociates the mailbox and schedules it for clean-up.
     # WorkMail keeps mailboxes for 30 days before they are permanently
     # removed. The functionality in the console is *Disable*.
     #
     # @option params [required, String] :organization_id
-    #   The identifier for the organization under which the Amazon WorkMail
-    #   entity exists.
+    #   The identifier for the organization under which the WorkMail entity
+    #   exists.
     #
     # @option params [required, String] :entity_id
     #   The identifier for the member (user or group) to be updated.
@@ -1248,15 +1391,13 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Removes a domain from Amazon WorkMail, stops email routing to
-    # WorkMail, and removes the authorization allowing WorkMail use. SES
-    # keeps the domain because other applications may use it. You must first
-    # remove any email address used by WorkMail entities before you remove
-    # the domain.
+    # Removes a domain from WorkMail, stops email routing to WorkMail, and
+    # removes the authorization allowing WorkMail use. SES keeps the domain
+    # because other applications may use it. You must first remove any email
+    # address used by WorkMail entities before you remove the domain.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the domain will be
-    #   deregistered.
+    #   The WorkMail organization for which the domain will be deregistered.
     #
     # @option params [required, String] :domain_name
     #   The domain to deregister in WorkMail and SES.
@@ -1638,7 +1779,10 @@ module Aws::WorkMail
     end
 
     # Gets the effects of an organization's access control rules as they
-    # apply to a specified IPv4 address, access protocol action, or user ID.
+    # apply to a specified IPv4 address, access protocol action, and user ID
+    # or impersonation role ID. You must provide either the user ID or
+    # impersonation role ID. Impersonation role ID can only be used with
+    # Action EWS.
     #
     # @option params [required, String] :organization_id
     #   The identifier for the organization.
@@ -1651,9 +1795,12 @@ module Aws::WorkMail
     #   `AutoDiscover`, `EWS`, `IMAP`, `SMTP`, `WindowsOutlook`, and
     #   `WebMail`.
     #
-    # @option params [required, String] :user_id
+    # @option params [String] :user_id
     #   The user ID.
     #
+    # @option params [String] :impersonation_role_id
+    #   The impersonation role ID.
+    #
     # @return [Types::GetAccessControlEffectResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetAccessControlEffectResponse#effect #effect} => String
@@ -1665,7 +1812,8 @@ module Aws::WorkMail
     #     organization_id: "OrganizationId", # required
     #     ip_address: "IpAddress", # required
     #     action: "AccessControlRuleAction", # required
-    #     user_id: "WorkMailIdentifier", # required
+    #     user_id: "WorkMailIdentifier",
+    #     impersonation_role_id: "ImpersonationRoleId",
     #   })
     #
     # @example Response structure
@@ -1721,11 +1869,116 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
+    # Gets the impersonation role details for the given WorkMail
+    # organization.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization from which to retrieve the impersonation
+    #   role.
+    #
+    # @option params [required, String] :impersonation_role_id
+    #   The impersonation role ID to retrieve.
+    #
+    # @return [Types::GetImpersonationRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetImpersonationRoleResponse#impersonation_role_id #impersonation_role_id} => String
+    #   * {Types::GetImpersonationRoleResponse#name #name} => String
+    #   * {Types::GetImpersonationRoleResponse#type #type} => String
+    #   * {Types::GetImpersonationRoleResponse#description #description} => String
+    #   * {Types::GetImpersonationRoleResponse#rules #rules} => Array&lt;Types::ImpersonationRule&gt;
+    #   * {Types::GetImpersonationRoleResponse#date_created #date_created} => Time
+    #   * {Types::GetImpersonationRoleResponse#date_modified #date_modified} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_impersonation_role({
+    #     organization_id: "OrganizationId", # required
+    #     impersonation_role_id: "ImpersonationRoleId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.impersonation_role_id #=> String
+    #   resp.name #=> String
+    #   resp.type #=> String, one of "FULL_ACCESS", "READ_ONLY"
+    #   resp.description #=> String
+    #   resp.rules #=> Array
+    #   resp.rules[0].impersonation_rule_id #=> String
+    #   resp.rules[0].name #=> String
+    #   resp.rules[0].description #=> String
+    #   resp.rules[0].effect #=> String, one of "ALLOW", "DENY"
+    #   resp.rules[0].target_users #=> Array
+    #   resp.rules[0].target_users[0] #=> String
+    #   resp.rules[0].not_target_users #=> Array
+    #   resp.rules[0].not_target_users[0] #=> String
+    #   resp.date_created #=> Time
+    #   resp.date_modified #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetImpersonationRole AWS API Documentation
+    #
+    # @overload get_impersonation_role(params = {})
+    # @param [Hash] params ({})
+    def get_impersonation_role(params = {}, options = {})
+      req = build_request(:get_impersonation_role, params)
+      req.send_request(options)
+    end
+
+    # Tests whether the given impersonation role can impersonate a target
+    # user.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization where the impersonation role is defined.
+    #
+    # @option params [required, String] :impersonation_role_id
+    #   The impersonation role ID to test.
+    #
+    # @option params [required, String] :target_user
+    #   The WorkMail organization user chosen to test the impersonation role.
+    #   The following identity formats are available:
+    #
+    #   * User ID: `12345678-1234-1234-1234-123456789012` or
+    #     `S-1-1-12-1234567890-123456789-123456789-1234`
+    #
+    #   * Email address: `user@domain.tld`
+    #
+    #   * User name: `user`
+    #
+    # @return [Types::GetImpersonationRoleEffectResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetImpersonationRoleEffectResponse#type #type} => String
+    #   * {Types::GetImpersonationRoleEffectResponse#effect #effect} => String
+    #   * {Types::GetImpersonationRoleEffectResponse#matched_rules #matched_rules} => Array&lt;Types::ImpersonationMatchedRule&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_impersonation_role_effect({
+    #     organization_id: "OrganizationId", # required
+    #     impersonation_role_id: "ImpersonationRoleId", # required
+    #     target_user: "EntityIdentifier", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.type #=> String, one of "FULL_ACCESS", "READ_ONLY"
+    #   resp.effect #=> String, one of "ALLOW", "DENY"
+    #   resp.matched_rules #=> Array
+    #   resp.matched_rules[0].impersonation_rule_id #=> String
+    #   resp.matched_rules[0].name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/GetImpersonationRoleEffect AWS API Documentation
+    #
+    # @overload get_impersonation_role_effect(params = {})
+    # @param [Hash] params ({})
+    def get_impersonation_role_effect(params = {}, options = {})
+      req = build_request(:get_impersonation_role_effect, params)
+      req.send_request(options)
+    end
+
     # Gets details for a mail domain, including domain records required to
     # configure your domain with recommended security.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the domain is retrieved.
+    #   The WorkMail organization for which the domain is retrieved.
     #
     # @option params [required, String] :domain_name
     #   The domain from which you want to retrieve details.
@@ -1804,10 +2057,10 @@ module Aws::WorkMail
     # Simulates the effect of the mobile device access rules for the given
     # attributes of a sample access event. Use this method to test the
     # effects of the current set of mobile device access rules for the
-    # Amazon WorkMail organization for a particular user's attributes.
+    # WorkMail organization for a particular user's attributes.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization to simulate the access effect for.
+    #   The WorkMail organization to simulate the access effect for.
     #
     # @option params [String] :device_type
     #   Device type the simulated user will report.
@@ -1856,8 +2109,7 @@ module Aws::WorkMail
     # organization, user, and device.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization to which you want to apply the
-    #   override.
+    #   The WorkMail organization to which you want to apply the override.
     #
     # @option params [required, String] :user_id
     #   Identifies the WorkMail user for the override. Accepts the following
@@ -1944,6 +2196,10 @@ module Aws::WorkMail
     #   resp.rules[0].not_user_ids[0] #=> String
     #   resp.rules[0].date_created #=> Time
     #   resp.rules[0].date_modified #=> Time
+    #   resp.rules[0].impersonation_role_ids #=> Array
+    #   resp.rules[0].impersonation_role_ids[0] #=> String
+    #   resp.rules[0].not_impersonation_role_ids #=> Array
+    #   resp.rules[0].not_impersonation_role_ids[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListAccessControlRules AWS API Documentation
     #
@@ -2005,8 +2261,8 @@ module Aws::WorkMail
     # organization.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the
-    #   `AvailabilityConfiguration`'s will be listed.
+    #   The WorkMail organization for which the `AvailabilityConfiguration`'s
+    #   will be listed.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in a single call.
@@ -2151,10 +2407,57 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Lists the mail domains in a given Amazon WorkMail organization.
+    # Lists all the impersonation roles for the given WorkMail organization.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization to which the listed impersonation roles
+    #   belong.
+    #
+    # @option params [String] :next_token
+    #   The token used to retrieve the next page of results. The first call
+    #   doesn't require a token.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results returned in a single call.
+    #
+    # @return [Types::ListImpersonationRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListImpersonationRolesResponse#roles #roles} => Array&lt;Types::ImpersonationRole&gt;
+    #   * {Types::ListImpersonationRolesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_impersonation_roles({
+    #     organization_id: "OrganizationId", # required
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.roles #=> Array
+    #   resp.roles[0].impersonation_role_id #=> String
+    #   resp.roles[0].name #=> String
+    #   resp.roles[0].type #=> String, one of "FULL_ACCESS", "READ_ONLY"
+    #   resp.roles[0].date_created #=> Time
+    #   resp.roles[0].date_modified #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/ListImpersonationRoles AWS API Documentation
+    #
+    # @overload list_impersonation_roles(params = {})
+    # @param [Hash] params ({})
+    def list_impersonation_roles(params = {}, options = {})
+      req = build_request(:list_impersonation_roles, params)
+      req.send_request(options)
+    end
+
+    # Lists the mail domains in a given WorkMail organization.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which to list domains.
+    #   The WorkMail organization for which to list domains.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in a single call.
@@ -2300,8 +2603,8 @@ module Aws::WorkMail
     # of WorkMail organization, user, or device.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization under which to list mobile device
-    #   access overrides.
+    #   The WorkMail organization under which to list mobile device access
+    #   overrides.
     #
     # @option params [String] :user_id
     #   The WorkMail user under which you list the mobile device access
@@ -2361,11 +2664,11 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Lists the mobile device access rules for the specified Amazon WorkMail
+    # Lists the mobile device access rules for the specified WorkMail
     # organization.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which to list the rules.
+    #   The WorkMail organization for which to list the rules.
     #
     # @return [Types::ListMobileDeviceAccessRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2551,7 +2854,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Lists the tags applied to an Amazon WorkMail organization resource.
+    # Lists the tags applied to an WorkMail organization resource.
     #
     # @option params [required, String] :resource_arn
     #   The resource ARN.
@@ -2632,8 +2935,9 @@ module Aws::WorkMail
 
     # Adds a new access control rule for the specified organization. The
     # rule allows or denies access to the organization for the specified
-    # IPv4 addresses, access protocol actions, and user IDs. Adding a new
-    # rule with the same name as an existing rule replaces the older rule.
+    # IPv4 addresses, access protocol actions, user IDs and impersonation
+    # IDs. Adding a new rule with the same name as an existing rule replaces
+    # the older rule.
     #
     # @option params [required, String] :name
     #   The rule name.
@@ -2669,6 +2973,12 @@ module Aws::WorkMail
     # @option params [required, String] :organization_id
     #   The identifier of the organization.
     #
+    # @option params [Array<String>] :impersonation_role_ids
+    #   Impersonation role IDs to include in the rule.
+    #
+    # @option params [Array<String>] :not_impersonation_role_ids
+    #   Impersonation role IDs to exclude from the rule.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2684,6 +2994,8 @@ module Aws::WorkMail
     #     user_ids: ["WorkMailIdentifier"],
     #     not_user_ids: ["WorkMailIdentifier"],
     #     organization_id: "OrganizationId", # required
+    #     impersonation_role_ids: ["ImpersonationRoleId"],
+    #     not_impersonation_role_ids: ["ImpersonationRoleId"],
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/PutAccessControlRule AWS API Documentation
@@ -2803,7 +3115,7 @@ module Aws::WorkMail
     # WorkMail organization, user, and device.
     #
     # @option params [required, String] :organization_id
-    #   Identifies the Amazon WorkMail organization for which you create the
+    #   Identifies the WorkMail organization for which you create the
     #   override.
     #
     # @option params [required, String] :user_id
@@ -2892,11 +3204,10 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Registers a new domain in Amazon WorkMail and SES, and configures it
-    # for use by WorkMail. Emails received by SES for this domain are routed
-    # to the specified WorkMail organization, and WorkMail has permanent
-    # permission to use the specified domain for sending your users'
-    # emails.
+    # Registers a new domain in WorkMail and SES, and configures it for use
+    # by WorkMail. Emails received by SES for this domain are routed to the
+    # specified WorkMail organization, and WorkMail has permanent permission
+    # to use the specified domain for sending your users' emails.
     #
     # @option params [String] :client_token
     #   Idempotency token used when retrying requests.
@@ -2905,11 +3216,10 @@ module Aws::WorkMail
     #   not need to pass this option.**
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization under which you're creating the
-    #   domain.
+    #   The WorkMail organization under which you're creating the domain.
     #
     # @option params [required, String] :domain_name
-    #   The name of the mail domain to create in Amazon WorkMail and SES.
+    #   The name of the mail domain to create in WorkMail and SES.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2930,7 +3240,7 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Registers an existing and disabled user, group, or resource for Amazon
+    # Registers an existing and disabled user, group, or resource for
     # WorkMail use by associating a mailbox and calendaring capabilities. It
     # performs no change if the user, group, or resource is enabled and
     # fails if the user, group, or resource is deleted. This operation
@@ -3009,8 +3319,7 @@ module Aws::WorkMail
     # Starts a mailbox export job to export MIME-format email messages and
     # calendar items from the specified mailbox to the specified Amazon
     # Simple Storage Service (Amazon S3) bucket. For more information, see
-    # [Exporting mailbox content][1] in the *Amazon WorkMail Administrator
-    # Guide*.
+    # [Exporting mailbox content][1] in the *WorkMail Administrator Guide*.
     #
     #
     #
@@ -3075,8 +3384,8 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Applies the specified tags to the specified Amazon WorkMail
-    # organization resource.
+    # Applies the specified tags to the specified WorkMailorganization
+    # resource.
     #
     # @option params [required, String] :resource_arn
     #   The resource ARN.
@@ -3122,8 +3431,8 @@ module Aws::WorkMail
     #  </note>
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization where the availability provider will
-    #   be tested.
+    #   The WorkMail organization where the availability provider will be
+    #   tested.
     #
     # @option params [String] :domain_name
     #   The domain to which the provider applies. If this field is provided, a
@@ -3171,8 +3480,8 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Untags the specified tags from the specified Amazon WorkMail
-    # organization resource.
+    # Untags the specified tags from the specified WorkMail organization
+    # resource.
     #
     # @option params [required, String] :resource_arn
     #   The resource ARN.
@@ -3202,8 +3511,8 @@ module Aws::WorkMail
     # organization and domain.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which the
-    #   `AvailabilityConfiguration` will be updated.
+    #   The WorkMail organization for which the `AvailabilityConfiguration`
+    #   will be updated.
     #
     # @option params [required, String] :domain_name
     #   The domain to which the provider applies the availability
@@ -3252,7 +3561,7 @@ module Aws::WorkMail
     # when enabling a mail user. You can only have one default domain.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization for which to list domains.
+    #   The WorkMail organization for which to list domains.
     #
     # @option params [required, String] :domain_name
     #   The domain name that will become the default domain.
@@ -3275,6 +3584,58 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
+    # Updates an impersonation role for the given WorkMail organization.
+    #
+    # @option params [required, String] :organization_id
+    #   The WorkMail organization that contains the impersonation role to
+    #   update.
+    #
+    # @option params [required, String] :impersonation_role_id
+    #   The ID of the impersonation role to update.
+    #
+    # @option params [required, String] :name
+    #   The updated impersonation role name.
+    #
+    # @option params [required, String] :type
+    #   The updated impersonation role type.
+    #
+    # @option params [String] :description
+    #   The updated impersonation role description.
+    #
+    # @option params [required, Array<Types::ImpersonationRule>] :rules
+    #   The updated list of rules.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_impersonation_role({
+    #     organization_id: "OrganizationId", # required
+    #     impersonation_role_id: "ImpersonationRoleId", # required
+    #     name: "ImpersonationRoleName", # required
+    #     type: "FULL_ACCESS", # required, accepts FULL_ACCESS, READ_ONLY
+    #     description: "ImpersonationRoleDescription",
+    #     rules: [ # required
+    #       {
+    #         impersonation_rule_id: "ImpersonationRuleId", # required
+    #         name: "ImpersonationRuleName",
+    #         description: "ImpersonationRuleDescription",
+    #         effect: "ALLOW", # required, accepts ALLOW, DENY
+    #         target_users: ["EntityIdentifier"],
+    #         not_target_users: ["EntityIdentifier"],
+    #       },
+    #     ],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/workmail-2017-10-01/UpdateImpersonationRole AWS API Documentation
+    #
+    # @overload update_impersonation_role(params = {})
+    # @param [Hash] params ({})
+    def update_impersonation_role(params = {}, options = {})
+      req = build_request(:update_impersonation_role, params)
+      req.send_request(options)
+    end
+
     # Updates a user's current mailbox quota for a specified organization
     # and user.
     #
@@ -3307,11 +3668,11 @@ module Aws::WorkMail
       req.send_request(options)
     end
 
-    # Updates a mobile device access rule for the specified Amazon WorkMail
+    # Updates a mobile device access rule for the specified WorkMail
     # organization.
     #
     # @option params [required, String] :organization_id
-    #   The Amazon WorkMail organization under which the rule will be updated.
+    #   The WorkMail organization under which the rule will be updated.
     #
     # @option params [required, String] :mobile_device_access_rule_id
     #   The identifier of the rule to be updated.
@@ -3471,7 +3832,7 @@ module Aws::WorkMail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-workmail'
-      context[:gem_version] = '1.50.0'
+      context[:gem_version] = '1.52.0'
       Seahorse::Client::Request.new(handlers, context)
     end